Mirrors/audiobookshelf
Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-02-06 00:16:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Support SSRF_REQUEST_FILTER_WHITELIST as a comma separated string of hostnames to pass through the ssrf request filter #3742

Browse Source
This commit is contained in:
advplyr 2024-12-23 17:18:08 -06:00
parent 5fa263023f
commit 331c7c011c
3 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
server/Server.js
View File

@ -53,7 +53,17 @@ class Server {
global.RouterBasePath = ROUTER_BASE_PATH global.RouterBasePath = ROUTER_BASE_PATH
global.XAccel = process.env.USE_X_ACCEL global.XAccel = process.env.USE_X_ACCEL
global.AllowCors = process.env.ALLOW_CORS === '1' global.AllowCors = process.env.ALLOW_CORS === '1'
global.DisableSsrfRequestFilter = process.env.DISABLE_SSRF_REQUEST_FILTER === '1'
if (process.env.DISABLE_SSRF_REQUEST_FILTER === '1') {
Logger.info(`[Server] SSRF Request Filter Disabled`)
global.DisableSsrfRequestFilter = () => true
} else if (process.env.SSRF_REQUEST_FILTER_WHITELIST?.length) {
const whitelistedUrls = process.env.SSRF_REQUEST_FILTER_WHITELIST.split(',').map((url) => url.trim())
if (whitelistedUrls.length) {
Logger.info(`[Server] SSRF Request Filter Whitelisting: ${whitelistedUrls.join(',')}`)
global.DisableSsrfRequestFilter = (url) => whitelistedUrls.includes(new URL(url).hostname)
}
}
if (!fs.pathExistsSync(global.ConfigPath)) { if (!fs.pathExistsSync(global.ConfigPath)) {
fs.mkdirSync(global.ConfigPath) fs.mkdirSync(global.ConfigPath)

4
server/utils/fileUtils.js
View File

@ -277,8 +277,8 @@ module.exports.downloadFile = (url, filepath, contentTypeFilter = null) => {
'User-Agent': 'audiobookshelf (+https://audiobookshelf.org)' 'User-Agent': 'audiobookshelf (+https://audiobookshelf.org)'
}, },
timeout: 30000, timeout: 30000,
httpAgent: global.DisableSsrfRequestFilter ? null : ssrfFilter(url), httpAgent: global.DisableSsrfRequestFilter?.(feedUrl) ? null : ssrfFilter(feedUrl),
httpsAgent: global.DisableSsrfRequestFilter ? null : ssrfFilter(url) httpsAgent: global.DisableSsrfRequestFilter?.(feedUrl) ? null : ssrfFilter(feedUrl)
}) })
.then((response) => { .then((response) => {
// Validate content type // Validate content type

4
server/utils/podcastUtils.js
View File

@ -244,8 +244,8 @@ module.exports.getPodcastFeed = (feedUrl, excludeEpisodeMetadata = false) => {
Accept: 'application/rss+xml, application/xhtml+xml, application/xml, */*;q=0.8', Accept: 'application/rss+xml, application/xhtml+xml, application/xml, */*;q=0.8',
'User-Agent': userAgent 'User-Agent': userAgent
}, },
httpAgent: global.DisableSsrfRequestFilter ? null : ssrfFilter(feedUrl), httpAgent: global.DisableSsrfRequestFilter?.(feedUrl) ? null : ssrfFilter(feedUrl),
httpsAgent: global.DisableSsrfRequestFilter ? null : ssrfFilter(feedUrl) httpsAgent: global.DisableSsrfRequestFilter?.(feedUrl) ? null : ssrfFilter(feedUrl)
}) })
.then(async (data) => { .then(async (data) => {
// Adding support for ios-8859-1 encoded RSS feeds. // Adding support for ios-8859-1 encoded RSS feeds.